1838 | How Docker Made Me More Capable and the Host Less Secure | Local Privilege Escalation | Microsoft | Alon Zahavi (@Alon_Z4) | Bug Bounty | 2022-02-08 | 2023-06-13 |
1773 | Skype extension: All functionality broken? Still exploitable! | Information disclosure, Privacy issue | Microsoft | Wladimir Palant (@WPalant) | Bug Bounty | 2022-03-01 | 2023-06-13 |
1740 | How I bypassed disable_functions in php to get a remote shell | RCE | NA | Asem Eleraky (@melotover) | Bug Bounty | 2022-03-13 | 2023-06-13 |
1725 | How I was able to find 50+ Cross-site scripting (XSS) Security Vulnerabilities on Bugcrowd Public Program? | XSS | NA | akshal(tojojo) | Bug Bounty | 2022-03-16 | 2023-06-13 |
1713 | CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera | Browser hacking | Google, Microsoft, Opera | Maciej Pulikowski (@pulik_io) | Bug Bounty | 2022-03-19 | 2023-06-13 |
1692 | How I was able to rick roll every users on root-me.org | XSS | Root-Me | Mizu (@kevin_mizu) | Bug Bounty | 2022-03-27 | 2023-06-13 |
1675 | Debugging the undebuggable and finding a CVE in Microsoft Defender for Endpoint | Endpoint spoofing | Microsoft | Gijs Hollestelle | Bug Bounty | 2022-04-01 | 2023-06-13 |
1670 | How The Tables Have Turned: An analysis of two new Linux vulnerabilities in nf_tables | Memory corruption, Local Privilege Escalation | Linux Kernel Organization | David Bouman (@pqlqpql) | Bug Bounty | 2022-04-02 | 2023-06-13 |
1668 | Exploiting a double-edged SSRF for server and client-side impact | SSRF | NA | Yassine Aboukir (@Yassineaboukir) | Bug Bounty | 2022-04-03 | 2023-06-13 |
1667 | Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline | Privilege escalation, CI/CD | GitHub | Noam Dotan | Bug Bounty | 2022-04-04 | 2023-06-13 |
1638 | NotGitBleed | Information disclosure | GitHub | Aaron Devaney | Bug Bounty | 2022-04-11 | 2023-06-13 |
1618 | How I was able to see likes and dislikes count even though is hidden by victim | YouTube #4 | Broken Access Control | Google | R ando (@Rando02355205) | Bug Bounty | 2022-04-15 | 2023-06-13 |
1612 | Palisade identifies Wormable Cross-Site Scripting Vulnerability affecting Rarible’s NFT Marketplace | XSS | Rarible | Palisade (@PalisadeLLC) | Bug Bounty | 2022-04-18 | 2023-06-13 |
1610 | AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation | Privilege escalation, Container escape | AWS | Unit 42 (@Unit42_Intel) | Bug Bounty | 2022-04-19 | 2023-06-13 |
1585 | Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks | Privilege escalation, CI/CD | NA | Noam Dotan | Bug Bounty | 2022-05-02 | 2023-06-13 |
1541 | How I was able to access IBM internal documents | Information disclosure, IDOR | IBM | Mohamed Taha (@Mohamed12742780) | Bug Bounty | 2022-05-19 | 2023-06-13 |
1534 | How I was able to down a service of Microsoft ? Denial of Service (DOS) Attack on Microsoft. | DoS | Microsoft | Harsh Banshpal (@harshbanshpal) | Bug Bounty | 2022-05-21 | 2023-06-13 |
1520 | 2nd RCE and XSS in Apache Struts before 2.5.30 | RCE, Double OGNL evaluation, XSS | Apache Struts | Chris (@mc_0wn) | Bug Bounty | 2022-05-25 | 2023-06-13 |
1473 | How I was able to see likes and dislikes count which is hidden by victim | YouTube #1 | Logic flaw, Authorization flaw | Google | Jay Jani (@JayJani007) | Bug Bounty | 2022-06-14 | 2023-06-13 |
1464 | Hertzbleed Attack | Side-channel attack, Hardware hacking, Cryptographic issues | Intel, Cloudflare, Microsoft | Yingchen Wang (@YingchenWang96) | Bug Bounty | 2022-06-14 | 2023-06-13 |
1455 | Chaining MFA-Enabled IAM Users with IAM Roles for Potential Privilege Escalation in AWS | Privilege escalation | AWS | Jason Kao | Bug Bounty | 2022-06-16 | 2023-06-13 |
1452 | How I was able to see likes and dislikes count which is hidden by victim | YouTube #2 | Logic flaw, Authorization flaw | Google | Jay Jani (@JayJani007) | Bug Bounty | 2022-06-17 | 2023-06-13 |
1440 | We were vulnerable - how a security company could have vulns | Broken Access Control, Authorization flaw, Information disclosure | Volkis | Soman Verma | Bug Bounty | 2022-06-22 | 2023-06-13 |
1366 | Tableau Server Leaks Sensitive Information From Reflected XSS | Reflected XSS | Salesforce | Simon Bouchard (@SimTwisted) | Bug Bounty | 2022-07-14 | 2023-06-13 |
1346 | Authomize Discovers PassBleed Password Stealing and Impersonation Risks in Okta | Sensitive data sent over an unencrypted channel, Authorization flaw, Information disclosure | Okta | Authomize (@Authomize) | Bug Bounty | 2022-07-19 | 2023-06-13 |